Permission and Access Control Vulnerability in ZXV10 XT802/ET301

Original Release Date: August 08 2024

 

Vulnerability ID

CVE ID: CVE-2024-22069

CNNVD ID: CNNVD-2024-30545613

 

CVSS 3.1 Base Score

7.1 HIGH AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L

 

Description

There is a permission and access control vulnerability in ZTE's ZXV10 XT802/ET301 product. Attackers with common permissions can log in to the terminal web and illegally change the administrator's password by intercepting requests to change the passwords.

 

Affected Products and Fixes

Product Name    Affected Version                 Resolved Version
ZXV10 ET301     All versions up to V3.22.11P3    V3.22.11P3
ZXV10 XT802     All versions up to V2.24.10P1    V2.24.10P1

 

Source

The vulnerability was found by an external researcher.

 

Acknowledgement

ZTE thanks CNVD for paying attention to our products and cooperating with us to disclose the vulnerability.

 

Update Records

August 08 2024, initial.

 

Version Update Method

Please contact ZTE Global Customer Support Center to obtain the upgraded version.

 

Global Customer Support Center

http://support.zte.com.cn/support/web/Contact.aspx?_langType=en

 

ZTE PSIRT

https://www.zte.com.cn/global/cybersecurity/ztepsirt.html